The successful Senior IT Auditor coaches Interns and Consultants and facilitates the successful completion of the project work plan. Serving as both role model and trainer, the Senior IT Auditor demonstrates the attributes of excellent client service and assists team members in developing technical and professional competency. The Senior IT Auditor learns to identify areas of risk and opportunities to improve efficiencies. Relationships with client personnel and professional associates strengthen as the ability to communicate, gain trust and network improves. At the direction of managers, the Senior Consultant may accept responsibility for decision-making, ranging from staffing and preparation of deliverables to application of methodologies.

The Senior IT Audit role may be a good fit for you if:
• You enjoy identifying areas of business risk, potential technical problems, and opportunities to improve the efficiency and profitability of the client’s overall business processes.
• You are passionate about evaluating, synthesizing, organizing and interpreting data and information.
• You create a positive work environment that fosters open communication among all engagement team members.
• You effectively build relationships with your clients and provide them with timely, top-quality service.
• You have an inherent interest in project management and team leadership. You seek new ways to create extraordinary development opportunities and ways for your team to make an impact on our clients and communities.

Other duties and skills of the successful Senior IT Auditor will include:
• Advanced verbal and written communication skills, including documentation of findings and recommendations.
• An in-depth understanding of IT audit methodologies, concepts, tools and objectives.
• Knowledge of and interest in technology, including topics such as operating systems, mobile technologies, software development, networking, and business applications.
• Establishing and cultivating critical business relationships / networking with senior executives.
• Understanding of commonly used internal control frameworks, including COBIT, ISO 27001, NIST Cybersecurity Framework, ITIL, etc.
• Knowledge of Sarbanes-Oxley Act provisions and methodologies for achieving compliance, in particular the technology implications and requirements.
• Knowledge of audit methodologies and developing key internal audit deliverables including process flows, work programs, audit reports, and control summaries.
• Ability to translate technology topics and audit issues into “business speak” to be understood by executives.
• Supervisory experience of teams including mentoring / coaching, oversight and review of work, coordination across teams, and understanding how to motivate.

REQUIREMENTS
The Educational and Professional Qualifications of the successful IT Auditor include:
• Bachelor’s degree, preferably in a relevant discipline (e.g. Accounting, Finance, Information Technology, Cybersecurity, or Business Related Field).
• 3+ years working in IT audit, consulting, assurance services, or related field, either in professional services or industry.
• Proficiency in Microsoft Office suite applications with specific emphasis on Word, Excel and PowerPoint. Secondary emphasis on Visio and Access.
• Professional Certification such as CPA, CIA, CISA, CISSP, or similar strongly preferred.
Robert Half • Philadelphia, U.S.
An American Company is seeking a Remote Pen Tester

Role Description
• Work closely with Scrum Teams as a security consultant and educator.
• Through hands-on testing, verify security controls are in place for recently deployed applications and solutions.
• Automate repeatable security checks through scripting or other techniques.
• Assess and recommend methods for consistently implementing security controls through DevOps workflow.
• Create reports both summarizing and detailing findings for DevOps, Scrum, and Security Teams. Coordinate with Information Security and Scrum teams to ensure work is prioritized based on risk to the organization.

Skills & Requirements
• Bachelor’s degree in Information Systems or related field or equivalent work experience.
• 5+ years of experience performing penetration tests.
• Knowledge of managing the entire lifecycle of vulnerabilities from discovery, triage, advising, remediation, and validation.
• Scripting and / or programming experience.
• Excellent organization, communication, collaboration, and interpersonal skills.
• Ability to communicate and present complex issues and ideas with precision and clarity, adjusting appropriately for the audience; ability to communicate effectively at all levels of the organization.
• Experience working within a large, complex corporate environment providing consulting services on large initiatives.
• Experience managing and prioritizing multiple tasks in an effective manner.
• Knowledge and understanding of network and security fundamentals, protocols, and technologies.
• Strong understanding of mitigating security controls (i.e., anti-virus, IPS/IDS, email filtering, web site blocking, patching) and how they work in an overall defense in depth risk assessment methodology.
• Understanding of Technology Platforms (Windows, Linux, Open Source, Middleware Applications, Database Applications, Firewalls).
• Experience developing and providing effective and professional presentations to all levels (including Senior Management).
• Knowledge of cloud computing technology (e.g. Azure, Google Cloud, AWS, etc.).

Preferred Qualifications:
• Industry-recognized security, network, or other professional certifications.
• Experience in conducting training and mentoring of less experienced security professionals.
• Strong subject matter expertise in penetration testing and vulnerability remediation.
• Strong understanding of Information Security industry standards/best practices such as NIST.
• Strong understanding of Information Security related laws and regulations including HIPAA and PCI.
• Experience with engineering and/or architecture of technologies such as network firewalls, intrusion detection sensors, antimalware technologies, vulnerability scanning technologies, and APT prevention technologies.
• Working knowledge of MITRE ATT&CK Framework, Penetration Testing Framework (PTF), and OWASP.
• Knowledge of API security best practices.
HAYS PLC • Tampa, U.S.
Cyber Security Engineer – Perm. – Chicago or Dallas

The end client is unable to sponsor or transfer visas for this position; all parties authorized to work in the US without sponsorship are encouraged to apply.

An American Company is seeking a Cyber Security Engineer in Chicago, IL or Dallas, TX.

Role Description
The Security Engineer II performs security risk assessments on new and current technologies, analyzes and reports on vulnerabilities as part of the overall vulnerability management function, collaborates with Security Architecture on projects, and provides subject matter expertise for Information Security.

ESSENTIAL FUNCTIONS
• Perform Risk Assessments for IT projects, technologies and third-parties (e.g., vendors and service providers).
• Respond to security assessments, questionnaires and audits from clients and third-party business partners.
• Subject matter expert for Information Security, consulting to technical and non-technical management, and attorneys as necessary.
• Evaluate and recommend security technologies and solutions. Plan and execute projects to implement new technologies and controls or to upgrade existing ones. Create and maintain system, procedural and support documentation.
• Contribute to the development and maintenance of security policies, standards, processes and guidelines.
• Participate in issues management (exception and findings requests) as needed.
• Collect information on emerging threats including software vulnerabilities. Coordinate triage of and response to vulnerability information. Disseminate this information regularly to firm staff and management as appropriate.
• Participate in long-term strategy and planning for Information Security.

Skills & Requirements
• Five (5) years of work experience in IT Security is required
• 4-year college degree in information technology or equivalent experience
• Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) are preferred
• Experience with assessments in Windows and Unix is required
• Knowledge of IT security controls and IT infrastructure is required
• Understanding of cloud technologies such as Microsoft Azure IaaS and SaaS
• Scripting/automation experience such as Python, PowerShell and API integrations is preferred
• Strong knowledge of Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG… is required
• Outstanding communication (verbal, written, visualization and listening) skills
• Self-starter who can work independently as well as in a team setting
• Interest in understanding customer perspective to aid in the development of the right solution
• Commitment to delivering quality solutions
• Ability to communicate technical topics to a non-technical audience
• The ability to research and solve complex security and networking challenges
• Demonstrated personal skills to effectively cooperate and communicate with business partners
• 2 plus years’ experience in the design of strong security architectures that protect networks from threats and vulnerabilities
• Demonstration of strong business acumen with analytical, interpersonal, multi-tasking, negotiations, industry knowledge, project management and communication, written as well as oral skills
HAYS PLC • Chicago, U.S.